Luxury hotel chain Marriott International reported that personal information of about 5.2 million guests may have been exposed in a security breach in January.
Hackers accessed guest information using the login credentials of two employees at a franchise property, the company said. Information such as customer names, phone numbers, mailing addresses, birthdays, gender and email addresses could be exposed, the company added.
This is the second such data breach incident reported by the hotel chain in the past 16 months. The 2018 attack exposed around 500 million user details.
It said payment card information, passport information, national identities and driver’s license numbers, along with its loyalty programme Marriott Bonvoy account passwords or PINs, were unlikely to be exposed. However, the investigation is ongoing.
The Bethesda, Maryland headquartered hospitality chain said it has notified its customers about the incident. It is working with insurers to assess the insurance coverage, it added.